Collaborator

@Perdiga Perdiga commented Jul 8, 2025

Analyze and upload file to GitHub with metadata inputs:
codeql-wrapper analyze /path/to/repo --upload-sarif --repository owner/repository --commit-sha $COMMIT_SHA --ref refs/heads/main

Analyze and upload file to GitHub, detecting metadata inputs from the git folder:
codeql-wrapper analyze /path/to/repo --upload-sarif

@Copilot Copilot AI review requested due to automatic review settings July 8, 2025 14:09
@Perdiga Perdiga changed the title Develop upload sarif Add SARIF upload functionality Jul 8, 2025
Copilot

This comment was marked as outdated.

@Perdiga Perdiga requested a review from Copilot July 8, 2025 14:38
@Perdiga Perdiga requested a review from Copilot July 8, 2025 16:05
@Perdiga Perdiga requested a review from Copilot July 8, 2025 17:44
@Perdiga Perdiga requested a review from Copilot July 8, 2025 18:06
@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds built-in SARIF upload support to the CodeQL wrapper, enabling users to analyze a repository and then automatically upload the results to GitHub Code Scanning with optional auto-detection of Git metadata.

  • Introduces SarifUploadUseCase and related request/result entities
  • Extends the CLI with --upload-sarif options and a new upload-sarif command
  • Adds Git metadata detection (GitUtils), tests, docs updates, and version bump

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| `tests/test_sarif_upload_use_case.py` | Add unit tests for the SARIF upload use case |
| `tests/test_cli.py` | Update CLI tests for upload-sarif options and new command |
| `tests/test_git_utils.py` | Add tests for GitUtils (auto-detecting repo info) |
| `src/codeql_wrapper/infrastructure/git_utils.py` | Implement GitUtils to extract repo, SHA, and ref |
| `src/codeql_wrapper/domain/entities/codeql_analysis.py` | Add SarifUploadRequest & SarifUploadResult dataclasses |
| `src/codeql_wrapper/domain/entities/__init__.py` | Export the new SARIF upload entities |
| `src/codeql_wrapper/domain/use_cases/sarif_upload_use_case.py` | Implement SARIF upload use case (CodeQL CLI integration) |
| `src/codeql_wrapper/domain/use_cases/__init__.py` | Export SarifUploadUseCase |
| `src/codeql_wrapper/cli.py` | Add --upload-sarif options, integrate upload in analyze, and new upload-sarif command |
| `README.md` | Document SARIF upload feature, examples, and CI/CD snippets |
| `pyproject.toml` | Bump package version to 0.1.2 |
| `.flake8` | Increase max line length to accommodate new CLI code |

Comments suppressed due to low confidence (2)

src/codeql_wrapper/cli.py:146

  • The CLI calls sys.exit(...) and uses Path but neither sys nor Path is imported in this file; add import sys and from pathlib import Path at the top.
                sys.exit(1)

src/codeql_wrapper/cli.py:420

  • [nitpick] These debug click.echo statements appear to be leftover from development. Consider removing them or gating them behind a verbose/debug flag.
        )
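
Added example, not code from this pull request or from the project: one way the repository, commit SHA and ref that accompany `--upload-sarif` could be detected from a checkout and validated before anything is uploaded. All function names are hypothetical, and the accepted ref shapes are an assumption based on the forms GitHub code scanning documents.

```python
import re
import subprocess
from typing import NamedTuple, Optional

# Hypothetical helpers for illustration; not the project's GitUtils.
_REMOTE_RE = re.compile(
    r"(?:https?://(?:[^@/]+@)?|ssh://git@|git@)[^/:]+[:/]"
    r"(?P<owner>[A-Za-z0-9_.-]+)/(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?/?"
)
_REPO_RE = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+")
_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
_REF_RE = re.compile(r"refs/(?:heads|tags)/\S+|refs/pull/\d+/(?:merge|head)")

class UploadMetadata(NamedTuple):
    repository: str
    commit_sha: str
    ref: str

def parse_repository(remote_url: str) -> Optional[str]:
    """Return owner/repository, dropping any credentials embedded in the URL."""
    m = _REMOTE_RE.fullmatch(remote_url.strip())
    return f"{m['owner']}/{m['repo']}" if m else None

def validate(repository: Optional[str], commit_sha: str, ref: str) -> UploadMetadata:
    """Reject values that do not have the shape the upload expects."""
    if not repository or not _REPO_RE.fullmatch(repository):
        raise ValueError("repository must look like owner/repository")
    if not _SHA_RE.fullmatch(commit_sha):
        raise ValueError("commit SHA must be a full 40-character hex digest")
    if not _REF_RE.fullmatch(ref):
        raise ValueError("ref must be refs/heads/..., refs/tags/... or refs/pull/N/merge|head")
    return UploadMetadata(repository, commit_sha.lower(), ref)

def _git(repo_path: str, *args: str) -> str:
    out = subprocess.run(["git", "-C", repo_path, *args],
                         check=True, capture_output=True, text=True)
    return out.stdout.strip()

def detect(repo_path: str) -> UploadMetadata:
    """Read repository, commit SHA and ref from a local checkout."""
    repository = parse_repository(_git(repo_path, "remote", "get-url", "origin"))
    sha = _git(repo_path, "rev-parse", "HEAD")
    try:
        ref = _git(repo_path, "symbolic-ref", "-q", "HEAD")
    except subprocess.CalledProcessError:
        # Detached HEAD (typical in CI checkouts): there is no branch to report.
        raise ValueError("detached HEAD: pass --ref explicitly") from None
    return validate(repository, sha, ref)
```

Only `owner/repository` is kept from the remote URL, so a token embedded in an HTTPS remote never reaches logs or the upload call.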

@Perdiga Perdiga merged commit 54c2a49 into main Jul 8, 2025
7 checks passed
@fernandosantos-br fernandosantos-br deleted the develop-upload-sarif branch July 21, 2025 21:46